12 Replies Latest reply on Feb 14, 2014 5:16 AM by Linyee-Oracle

    (Security Server is down or cannot be reached) Headaches

    James.Franklin

      Hello,

      I'm new to the Oracle world and am having a frustrating problem logging onto the E1 environment through the provided templates for the first time.

       

      I am able to load up the Linux Database, Enterprise and HTML servers, however when I go to login to the main EnterpriseOne on port 8080,  I am greeted with an error message of    The Security Server is down or cannot be reached. Please contact the System Administrator." when using the default JDE JDE credentials. On the enterprise server I am able to run the porttest correctly so I know their is database connectivity with the enterprise server.

      To startup the enterprise server I am using the ./RunOneWorld.sh command then starting the weblogic server to start the html server.

       

      Thank you for the help, this problem has been driving me mad.

       

      James

        • 1. Re: (Security Server is down or cannot be reached) Headaches
          Linyee-Oracle

          Hello and Welcome to the Communities!

           

          Can you elaborate on how do you login to the main EnterpriseOne on port 8080?

          Since you are not able to connect to the security server, are the hosts file defined or if the port numbers are set correctly?

          Appreciate your clarification.

           

          Thank you.

          • 2. Re: (Security Server is down or cannot be reached) Headaches
            Kheng Wee-Oracle

            Hi James

             

            After the templates are being installed for the OVM install, there are  Next Steps of the OVM install guide. One of the step is to setup sign on security.

            After you have installed the JD Edwards EnterpriseOne Deployment Server, Enterprise Server, Database Server, and HTML Web Server, you may wish to perform some of these tasks:

            • Working with Sign-on Security

             

            These tasks are described in detail in the JD Edwards EnterpriseOne Applications Release 9.1 Installation Guide for Oracle on Unix, which is available in the document on the Oracle Technology Network at this link:

            http://docs.oracle.com/cd/E24902_01/doc.91/e23313.pdf

             

            You will need to setup sign on security and ensure that sign-on security is being setup in jde.ini for the enterprise server.

            The way to check if sign-on security setup is to check the SecurityServer=<enterprise server name> or SecurityServer=

            If this setting is blank, the sign-on security have not been setup.

             

            Please let me know on whether this resolves your issue here ?

             

            Kheng Wee

            • 3. Re: (Security Server is down or cannot be reached) Headaches
              James.Franklin

              Thank you for getting back to me so fast.

              I used the the pre-existing templates and referred to the documentation stating to run the command ./startWebLogic.sh on the E1 web server.
              From there I log into the weblogic interface with the credentials weblogic and ovsadminE1 and start the html_server (E1) which is operates on port 8080.
              Once started I navigate to http://my-ip:8080/jde and see the JD Edwards Enterprise One login screen, its only once I try to login with JDE JDE do I get the warning.

               

              I have not configured any host files or port files however I can see the login screen and ping all the servers on the network.

               

              At the moment I am trying a fix only mentioned on the knowledge base which is to update numberofAutoStartProcesses=0 to numberofAutoStartProcesses=1 in the JDE.INI on the enterprise server.

              Hope this clarifies what I'm trying to do.

              James

              • 4. Re: (Security Server is down or cannot be reached) Headaches
                Juditl -Oracle

                Hi James,

                 

                Do you mean you encounter error when logging on to E1 web client? As what Kheng Wee has mentioned, you will need to setup Sign on security.

                Make sure you setup the sign on security first and system userid.

                If signon security has been setup and issue persists, you can attach the E1root.log from the JAS server and jde.log from Enterprise server when issue occurs for further diagnosis.

                 

                Thanks!

                • 5. Re: (Security Server is down or cannot be reached) Headaches
                  Kheng Wee-Oracle

                  It is not necessary to setup numberofAutoStartProcesses=0 to numberofAutoStartProcesses=1 as E1 will automatically start. That solution may or may not work for you.

                  Please check the [SECURITY]

                  SecurityServer=  settings and let me know what it is being setup as.

                  Also, check P9800001 to ensure the system userid JDE is already been setup.

                  If it is not being setup, set it up.


                  Kheng Wee


                  • 6. Re: (Security Server is down or cannot be reached) Headaches
                    Kheng Wee-Oracle

                    The reason for setup the numberofAutoStartProcesses=1 is when there is a performance issue at the E1 side.

                    So, if you SecurityServer=<enterprise server name> , P9800001 have been setup  and P98OWSEC shows JDE have been assigned to the E1 user JDE, then numberofAutoStartProcesses=1 may resolve the performance issue.

                    • 7. Re: (Security Server is down or cannot be reached) Headaches
                      James.Franklin

                      JuditL -Oracle wrote:

                       

                      Hi James,

                       

                      Do you mean you encounter error when logging on to E1 web client? As what Kheng Wee has mentioned, you will need to setup Sign on security.

                      Make sure you setup the sign on security first and system userid.

                      If signon security has been setup and issue persists, you can attach the E1root.log from the JAS server and jde.log from Enterprise server when issue occurs for further diagnosis.

                       

                      Thanks!

                      Correct, my issues are when I'm trying to sign on through the E1 web interface on the E1 html_server and I prompted with the "security server can not be found"
                      I was under the impression that sign on security was configured automatically on the template and modified through the Eone_cfg.sh/ -syn scripts where required when the server is first started?

                      I have manually edited the jas.ini file on the html and enterprise server and filled in the SecurityServer=<enterprise server name> line with my enterprise servers ip however get the same message.
                      Is there a way to confirm the security server is active on the enterprise server?


                      Could you please be more specific as to what log files are of interest and their location as I am having trouble identifying exactly what log is useful.



                      [root@ENT1 log]# vi jde_2358.log

                      2358/-167205168 SYS:Metadata                            Thu Feb 13 04:36:44.000511      dbperfrq.c471

                              OCI0000178 - Unable to execute - SELECT  COUNT(*)  FROM SY910.F988259  WHERE ( DBIPADD = :KEY1 AND DBPORTNUM = :KEY2 AND DBQUSTA = :KEY3 )

                      2358/-167205168 SYS:Metadata                            Thu Feb 13 04:36:44.001024      dbperfrq.c477

                              OCI0000179 - Error - ORA-03114: not connected to ORACLE

                      2358/-167205168 SYS:Metadata                            Thu Feb 13 04:36:44.001102      jdb_drvm.c1003

                              JDB9900401 - Failed to execute db request

                      2358/-167205168 SYS:Metadata                            Thu Feb 13 04:36:44.001175      jtp_cm.c1344

                              JDB9900255 - Database connection to F988259 (System - 910) has been lost.

                      2358/-167205168 SYS:Metadata                            Thu Feb 13 04:36:59.008620      dbperfrq.c471

                              OCI0000178 - Unable to execute - SELECT  COUNT(*)  FROM SY910.F988259  WHERE ( DBIPADD = :KEY1 AND DBPORTNUM = :KEY2 AND DBQUSTA = :KEY3 )

                      "jde_2358.log" 24L, 1378C

                       

                       

                       

                       

                      JDE.INI (Enterprise Server)
                      [SECURITY]

                      HashIterations=10000

                      LDAPAuthentication=false

                      NumServers=1

                      SecurityMode=0

                      SecurityServer1=NONE

                      SecurityServer2=NONE

                      SecurityServer3=NONE

                      SecurityServer4=NONE

                      User=JDE

                      Password=JDE

                      Default Role=*ALL

                      DefaultEnvironment=DV910

                      DataSource=System - 910

                      SecurityServer=[Enterprise-Machine-IP]

                      ServerPswdFile=TRUE

                      History=0



                      JDE.INI (WEB Server)

                      [SECURITY]

                      CookieLifeTime=7

                      frameBustingForApp=differentDomain

                      frameBustingForE1Menu=differentDomain

                      frameBustingForLogin=differentDomain

                      NumServers=1

                      OracleAccessSSO=false

                      OracleAccessSSOSignOffURL=

                      OracleSSO=false

                      OracleSSOSignOffURL=

                      SecurityServer1=NONE

                      SecurityServer2=NONE

                      SecurityServer3=NONE

                      SecurityServer4=NONE

                      SecurityServer=[Enterprise-Machine-IP]

                      SSOEnabled=false

                      StrictVersionSecurity=0

                      UseLogonCookie=FALSE


                      These are the only steps I have performed in regards to setting up a security server. Are there more steps that I should perform?

                      • 8. Re: (Security Server is down or cannot be reached) Headaches
                        Linyee-Oracle

                        With the error "OCI0000179 - Error - ORA-03114: not connected to ORACLE", it suggest that the connection process was broken.

                        There is a problem connecting to the database.

                         

                        Can you test if you can connection to the RDB via SQL Worksheet on JAS?

                        Are there firewall settings?

                        You may want to increase the timeout as well.

                         

                        Please check and verify.

                        • 9. Re: (Security Server is down or cannot be reached) Headaches
                          Kheng Wee-Oracle

                          You should look for the jde_nnnn.log for the word SECURITY KERNEL.

                          This will show you the log for the security kernel that you have autostarted.

                          2 more things need to check for the sign-on security:

                          1. P9800001 needs to have JDE setup as a system user

                          2. P98OWSEC needs to assign JDE as the proxy user for JDE

                          Are you using IP address for your enterprise server name  in jde.ini and jas.ini ?

                          Can you use a server name instead of IP address ?

                           

                          Please also show us the P98OWSEC and P9800001 setup

                          Kheng Wee

                          1 person found this helpful
                          • 10. Re: (Security Server is down or cannot be reached) Headaches
                            James.Franklin

                            Thank you Kheng Wee,
                            I was able to resolve the security server issues by running search for every jas.ini file on the server and renaming it to the machine name.

                            I also discovered that the template configuration script did not properly put the servers on the network domain, and I had to manually set the hostname as fully qualified.

                             

                            However....the saga continues.

                            While the security server error message is gone, I have got a new one "An unknown JAS sign in error occurred".
                            Where would the best place to find a log file for this error message be?

                             

                            Thanks

                            • 11. Re: (Security Server is down or cannot be reached) Headaches
                              James.Franklin

                              ALL INSTALLED

                               

                              For all those using the templates I would suggest you change the default lxdb paths throughout the enterprise server and web server in all the jde.ini files, jas.ini, tnslistner.ora to your machine names, for reason it is not automatically changed during the setup. You may need to use the   find / -name xxxx.ini command to find all of the files throughout the server, as there are multiples.

                               

                              Thank you everyone for all the help.

                              • 12. Re: (Security Server is down or cannot be reached) Headaches
                                Linyee-Oracle

                                Thanks for sharing!

                                Glad to know all went well.